diff options
author | Yi Kong <yikong@google.com> | 2021-05-27 01:29:22 +0800 |
---|---|---|
committer | Yi Kong <yikong@google.com> | 2021-06-11 01:49:56 +0800 |
commit | 2a8f28f46094672eec33ae234ed97a8b63c483c4 (patch) | |
tree | bb2d12fcb00260a05a06fd9dde7c12b7e21c53b9 | |
parent | 791c277789eaed56b901b4f0a5a3656e5930c935 (diff) | |
download | extras-2a8f28f46094672eec33ae234ed97a8b63c483c4.tar.gz |
profcollectd: fix setting ACL bits
Unlike C++17 filesystem library, Rust OpenOptions.mode masks the given ACL
bits with environment umask. This behaviour is unintended.
Since the Rust API doesn't not provide a way to set ACL without umask
during file creation, change the permission after the fact.
Test: manual
Bug: 189325542
Change-Id: I285c36d93d69e8304177d54dc48429f924020f8a
Merged-In: I285c36d93d69e8304177d54dc48429f924020f8a
(cherry picked from commit dcff610995f7d100b5b2729959bd47e58f2a4862)
-rw-r--r-- | profcollectd/libprofcollectd/report.rs | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/profcollectd/libprofcollectd/report.rs b/profcollectd/libprofcollectd/report.rs index f3b8fe12..c37993b7 100644 --- a/profcollectd/libprofcollectd/report.rs +++ b/profcollectd/libprofcollectd/report.rs @@ -19,9 +19,9 @@ use anyhow::{anyhow, Result}; use lazy_static::lazy_static; use macaddr::MacAddr6; -use std::fs::{self, File}; +use std::fs::{self, File, Permissions}; use std::io::{Read, Write}; -use std::os::unix::fs::OpenOptionsExt; +use std::os::unix::fs::PermissionsExt; use std::path::{Path, PathBuf}; use std::time::SystemTime; use uuid::v1::{Context, Timestamp}; @@ -45,11 +45,14 @@ pub fn pack_report(profile: &Path, report: &Path, config: &Config) -> Result<Str // Remove the current report file if exists. fs::remove_file(&report).ok(); + let report_file = fs::OpenOptions::new().create_new(true).write(true).open(&report)?; + // Set report file ACL bits to 644, so that this can be shared to uploaders. // Who has permission to actually read the file is protected by SELinux policy. - let report = fs::OpenOptions::new().create_new(true).write(true).mode(0o644).open(&report)?; + fs::set_permissions(&report, Permissions::from_mode(0o644))?; + let options = FileOptions::default().compression_method(Deflated); - let mut zip = ZipWriter::new(report); + let mut zip = ZipWriter::new(report_file); fs::read_dir(profile)? .filter_map(|e| e.ok()) |